diff --git a/src/common/base64.c b/src/common/base64.c index 3d91e36..0895dba 100644 --- a/src/common/base64.c +++ b/src/common/base64.c @@ -97,7 +97,6 @@ int base64url_decode(const char *src, size_t src_len, uint8_t *dest, size_t dest return -1; } *(dest++) = (pr2six[(uint8_t) src[2]] << 6 | pr2six[(uint8_t) src[3]] >> 0); - dest_len--; } return dest - original_dest; diff --git a/src/common/bip32_check.c b/src/common/bip32_check.c index 47a137f..025c2e7 100644 --- a/src/common/bip32_check.c +++ b/src/common/bip32_check.c @@ -4,7 +4,7 @@ #include "bip32_check.h" -bool check_bip32_path(uint8_t bip32_path_len, uint32_t bip32_path[MAX_BIP32_PATH]) { +bool check_bip32_path(uint8_t bip32_path_len, const uint32_t bip32_path[MAX_BIP32_PATH]) { if (bip32_path_len <= 2) return false; return bip32_path[0] == 0x8000002c && bip32_path[1] == 0x8000025f; diff --git a/src/common/bip32_check.h b/src/common/bip32_check.h index 5d4f23f..2c197e7 100644 --- a/src/common/bip32_check.h +++ b/src/common/bip32_check.h @@ -13,7 +13,7 @@ * @return true if the BIP32 path is valid, false otherwise. * */ -bool check_bip32_path(uint8_t bip32_path_len, uint32_t bip32_path[MAX_BIP32_PATH]); +bool check_bip32_path(uint8_t bip32_path_len, const uint32_t bip32_path[MAX_BIP32_PATH]); /** * Check the bip32 path stored in G_context. diff --git a/src/handler/sign_tx.c b/src/handler/sign_tx.c index 46033c2..844c4a0 100644 --- a/src/handler/sign_tx.c +++ b/src/handler/sign_tx.c @@ -119,8 +119,6 @@ int handler_sign_tx(buffer_t *cdata, bool first, bool more) { if (swap_check_validity()) { PRINTF("Swap response validated\n"); - // Unreachable due to io_send_sw instant replying and quitting to Exchange in Swap mode - // Failsafe ui_action_validate_transaction(true); } else { // Unreachable due to io_send_sw instant replying and quitting to Exchange in Swap mode diff --git a/src/swap/handle_check_address.c b/src/swap/handle_check_address.c index b319724..79d9b65 100644 --- a/src/swap/handle_check_address.c +++ b/src/swap/handle_check_address.c @@ -13,8 +13,10 @@ #include "constants.h" #include "crc16.h" -#define BASE_CHAIN 0x00 -#define MASTER_CHAIN 0xFF +#define BASE_CHAIN 0x00 +#define MASTER_CHAIN 0xFF +#define ADDRESS_BASE64_LENGTH 48 +#define ADDRESS_DECODED_LENGTH 36 /* Set params.result to 0 on error, 1 otherwise */ void swap_handle_check_address(check_address_parameters_t *params) { @@ -34,8 +36,10 @@ void swap_handle_check_address(check_address_parameters_t *params) { return; } PRINTF("Address to check %s\n", params->address_to_check); - if (strlen(params->address_to_check) != 48) { - PRINTF("Address to check expected length 48, not %d\n", strlen(params->address_to_check)); + if (strlen(params->address_to_check) != ADDRESS_BASE64_LENGTH) { + PRINTF("Address to check expected length %d, not %d\n", + ADDRESS_BASE64_LENGTH, + strlen(params->address_to_check)); return; } @@ -66,24 +70,30 @@ void swap_handle_check_address(check_address_parameters_t *params) { } PRINTF("hash %.*H\n", HASH_LEN, hash); - char address_base64url[48]; - if (base64_to_base64url(params->address_to_check, 48, address_base64url, 48) < 0) { + char address_base64url[ADDRESS_BASE64_LENGTH]; + if (base64_to_base64url(params->address_to_check, + ADDRESS_BASE64_LENGTH, + address_base64url, + ADDRESS_BASE64_LENGTH) < 0) { PRINTF("Failed to convert to base64url\n"); return; } - uint8_t address_decoded[36]; - int ret = base64url_decode(address_base64url, 48, address_decoded, 36); - if (ret != 36) { + uint8_t address_decoded[ADDRESS_DECODED_LENGTH]; + int ret = base64url_decode(address_base64url, + ADDRESS_BASE64_LENGTH, + address_decoded, + ADDRESS_DECODED_LENGTH); + if (ret != ADDRESS_DECODED_LENGTH) { PRINTF("%d\n", ret); PRINTF("Failed to decode\n"); return; } - PRINTF("address_decoded = %.*H\n", 36, address_decoded); + PRINTF("address_decoded = %.*H\n", ADDRESS_DECODED_LENGTH, address_decoded); uint8_t flag = address_decoded[0]; uint8_t workchain_id = address_decoded[1]; uint8_t *account_id = &address_decoded[2]; - uint16_t address_verification = U2BE(address_decoded, 34); + uint16_t address_verification = U2BE(address_decoded, ADDRESS_DECODED_LENGTH - 2); if (flag & NON_BOUNCEABLE) { PRINTF("Setting mode NON_BOUNCEABLE\n"); @@ -121,7 +131,7 @@ void swap_handle_check_address(check_address_parameters_t *params) { return; } - uint16_t calculated_address_verification = crc16(address_decoded, 34); + uint16_t calculated_address_verification = crc16(address_decoded, ADDRESS_DECODED_LENGTH - 2); if (calculated_address_verification != address_verification) { PRINTF("Wrong address verification: calculated %d, received %d\n", calculated_address_verification, diff --git a/src/swap/handle_get_printable_amount.c b/src/swap/handle_get_printable_amount.c index bc2b9f4..6d6bb31 100644 --- a/src/swap/handle_get_printable_amount.c +++ b/src/swap/handle_get_printable_amount.c @@ -1,5 +1,6 @@ #ifdef HAVE_SWAP +#include // memset, explicit_bzero #include "handle_swap_sign_transaction.h" #include "swap.h" #include "os.h" @@ -47,7 +48,7 @@ void swap_handle_get_printable_amount(get_printable_amount_parameters_t* params) return; error: - memset(params->printable_amount, '\0', sizeof(params->printable_amount)); + explicit_bzero(params->printable_amount, sizeof(params->printable_amount)); } #endif // HAVE_SWAP diff --git a/tests/test_name_version.py b/tests/test_name_version.py index a819141..dc3c29f 100644 --- a/tests/test_name_version.py +++ b/tests/test_name_version.py @@ -1,9 +1,37 @@ +import re +from pathlib import Path from application_client.ton_command_sender import BoilerplateCommandSender from application_client.ton_response_unpacker import unpack_get_app_and_version_response +def check_version(root_path: Path, target_version: str): + """Extract and check if the version in the Makefile matches the target version.""" + version_re = re.compile(r"^APPVERSION_(?P[MNP])\s*=\s*(?P\d+)", re.I) + vers_dict = {} + makefile = f"{root_path.parent.resolve()}/Makefile" + + # Read the file and extract the version + with open(makefile, "r", encoding="utf-8") as f: + for line in f: + match = version_re.match(line) + if match: + part = match.group("part") + vers_dict[part] = int(match.group("val")) + + # Ensure all parts (M, N, P) are present + try: + major = vers_dict['M'] + minor = vers_dict['N'] + patch = vers_dict['P'] + except KeyError: + raise ValueError("The version in the Makefile is incomplete.") + + extracted_version = f"{major}.{minor}.{patch}" + + print(f"Makefile version: {extracted_version}, Target version: {target_version}") + assert extracted_version == target_version # Test a specific APDU asking BOLOS (and not the app) the name and version of the current app -def test_get_app_and_version(backend, backend_name): +def test_get_app_and_version(backend, default_screenshot_path): # Use the app interface instead of raw interface client = BoilerplateCommandSender(backend) # Send the special instruction to BOLOS @@ -11,5 +39,6 @@ def test_get_app_and_version(backend, backend_name): # Use an helper to parse the response, assert the values app_name, version = unpack_get_app_and_version_response(response.data) + check_version(default_screenshot_path, version) assert app_name == "TON" - assert version == "2.4.0" +